A lightweight library to decode and verify RSA ID tokens meant for the browser.

:books: Documentation - :rocket: Getting Started - :computer: API Reference - :speech_balloon: Feedback

Documentation

• API Reference
• Docs Site - explore our Docs site and learn more about Auth0

Getting Started

Installation

Using npm in your project directory run the following command:

npm install idtoken-verifier

Verify an ID token

Import the library, create an instance of IdTokenVerifier and call the verify method to verify an ID token:

import IdTokenVerifier from 'idtoken-verifier';

const verifier = new IdTokenVerifier({
  issuer: 'https://my.auth0.com/',
  audience: 'gYSNlU4YC4V1YPdqq8zPQcup6rJw1Mbt'
});

verifier.verify(id_token, nonce, (error, payload) => {
  if (error) {
    // handle the error
    return;
  }

  // do something with `payload`
});

API Reference

• IdTokenVerifier constructor
• verify
• decode
• validateAccessToken

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

• Auth0's general contribution guidelines
• Auth0's code of conduct guidelines
• The contribution guide

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

What is Auth0?

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?

This project is licensed under the Apache 2.0 license. See the LICENSE file for more info.